Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 #4

Closed
wants to merge 1 commit into from

chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3

188eb72
Select commit
Loading
Failed to load commit list.
Closed

chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3 #4

chore(deps): update module github.com/go-jose/go-jose/v3 to v3.0.3
188eb72
Select commit
Loading
Failed to load commit list.
Mend for GitHub.com / Mend Security Check failed Apr 23, 2024 in 22m 35s

Security Report

❗️Scan Warnings: The scan completed with warnings. The integration encountered issues with one or more projects in this repository. Consequently, there may be gaps in the coverage of open-source dependencies used in the repository.

general

https://amplearning.jfrog.io/artifactory/libs-release

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

https://amplearning.jfrog.io/artifactory/libs-snapshot

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

https://amplearning.jfrog.io/artifactory/plugins-release

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

https://amplearning.jfrog.io/artifactory/plugins-snapshot

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

https://amplearning.jfrog.io/artifactory/amplify-maven-internal

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

https://amplearning.jfrog.io/artifactory/amplify-maven-snapshots

Step Level Description Details
Checking registry connectivity ⚠Warn Unsupported configuration was provided Unsupported registry hostType gradle, skipped

You have successfully remediated 2 vulnerabilities, but introduced 1 new vulnerabilities in this branch.

❌ New vulnerabilities:

CVE Severity CVSS Score Vulnerable Library Suggested Fix Issue Reachability
WS-2022-0363

Path to dependency file: /ui/package.json

Path to vulnerable library: /ui/node_modules/ember-source/package.json

Dependency Hierarchy:

-> consul-ui-2.2.0.tgz (Root Library)

   -> ❌ ember-source-3.28.8.tgz (Vulnerable Library)

Critical 9.1 ember-source-3.28.8.tgz Upgrade to version: ember-source - 3.24.7,3.28.10,4.4.4,4.8.1 None

Unreachable

✔️ Remediated vulnerabilities:

CVE Vulnerable Library
WS-2023-0431 github.com/go-jose/go-jose/v3-v3.0.0
CVE-2024-28180 github.com/go-jose/go-jose/v3-v3.0.0

Base branch total remaining vulnerabilities: 20
Base branch commit: 223714bdea9c8760f2007a7e7e1b697b61338a75


Total libraries scanned: 1007

Scan token: 1c44df5be9d045779f4ce95d26c8cdf6

View more details on Mend for GitHub.com